CVE-2021-31357

Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.

Una vulnerabilidad de inyección de comandos en el procesamiento de comandos tcpdump en Juniper Networks Junos OS Evolved permite a un atacante con acceso autenticado a la CLI ser capaz de omitir las protecciones de acceso configuradas para ejecutar comandos de shell arbitrarios dentro del contexto del usuario actual. La vulnerabilidad permite a un atacante omitir las restricciones de autorización de comandos asignadas a su cuenta de usuario específica y ejecutar comandos que están disponibles para el nivel de privilegio para el que el usuario está asignado. Por ejemplo, un usuario que está en la clase de inicio de sesión de superusuario, pero restringido a la ejecución de comandos específicos de la CLI podría explotar la vulnerabilidad para ejecutar cualquier otro comando disponible para un usuario administrador sin restricciones. Esta vulnerabilidad no aumenta el nivel de privilegios del usuario, sino que omite cualquier restricción de comandos de la CLI al permitir el acceso completo al shell. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.3R2-S1-EVO; las versiones 20.4 anteriores a 20.4R2-S2-EVO; las versiones 21.1 anteriores a 21.1R2-EVO; las versiones 21.2 anteriores a 21.2R1-S1-EVO, 21.2R2-EVO

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-04-15 CVE Reserved
2021-10-19 CVE Published
2023-05-12 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA11221	2022-10-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				<= 20.3 Search vendor "Juniper" for product "Junos Os Evolved" and version " <= 20.3"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2		Affected